Slashdot Mirror


User: v1

v1's activity in the archive.

Stories: 0
Comments: 4,784

Comments · 4,784

  1. Re:Bleeeechhhh on Against Apple, Ballmer Floats Microsoft Merger With Adobe · · Score: 4, Insightful

    Among the "top 10" for insecure software products, I can see the pack leaders are Windows, Acrobat PDF plugins, and Flash. Such a merger sounds like a match made in heaven.

  2. if it weren't for the "talleyho" on The World's Fastest Lawnmower · · Score: 1

    I'd say by the sound of it that was Cooter talking over the radio to one of the Duke boys...

    just me or did he have no idea how to operate that radio?

    Tho drag racing lawnmowers has got to be a redneck party theme... kud-yud-yud!

  3. Re:Because? on Best Buy Unapologetic About Charging For PS3 Firmware Updates · · Score: 1

    I was just going to use the oil change analogy myself if I wasn't able to find it here, thx :)

    I work at a computer repair shop, I'm one of the main techs. We get people coming in all the time to have us do very basic things, and are quite willing, some would say eager, to pay for it. Sometimes I try to talk them out of it though... "it's very easy to set that up, if you've got a couple minutes I can walk you through it while we're on the phone..." "Can I just bring it in and have you do it?" "Sure. Will probably cost about $xxx". "I'll be there in an hour."

    Not everyone wants to be computer literate. And I don't want to change my own oil. So I get it. There are certain basic things I'd do with my truck... I clean the air filter, top off the fluids, change the lights. But I don't change my plugs, change my oil, or do much of anything involving the engine. People are the same way with computers. Last thing I want is someone trying to discourage the local shop from providing me the service of changing my oil.

    A little OT, I was unable to do a firmware upgrade on my almost brand new HDTV. The Greek Squad came out and couldn't get it to accept the update either. After awhile it came down to them having to order a new motherboard for it. I must admit that when at first I couldn't get it to work I was feeling kinda stupid, felt a lot better when someone with more experience with them couldn't get it to work either.

  4. Re:Wut? on G2 Detects When Rooted and Reinstalls Stock OS · · Score: 5, Funny

    please explain to me how it is an actual violation of that license

    Section 3, paragraph 11, about a third of the way down, "Don't be evil."

  5. Re:Well Duh on Firefighters Let House Burn Because Owner Didn't Pay Fee · · Score: 1

    If you don't pay that fee, you don't get fire protection.

    I agree with their reasoning of "if we got a call from an uninsured person and they could just pay the $75 then, then everyone would only pay when they had a fire".

    HOWEVER, the solution of letting your house burn when you call if you haven't paid, is the wrong way to solve that problem. There are several much more humane and equally acceptable approaches. Here's one good alternative:

    Impose a FINE for calling the fire department if you have a fire and didn't pay your dues. Make it fairly large, something to make the firefighter's trip worthwhile. $2500 let's say. If you call, and you don't have coverage, you get fined $2500, and $75 of that goes toward that year's dues.

    Problem solved. Most people will still pay upfront for "fire insurance" of the fire department, people that either forget or are too cheap to spring for it will still have service, and the city won't lose money in the deal.

    The $2500 figure could be adjusted for whatever the city figures they're going to lose in people stopping their $75 dues, and factoring in the few additional calls they'll be going out on. I have no idea if that's a reasonable number, and it could vary a lot from place to place, I could be off quite a bit in either direction, but the idea is sound.

    The fire department telling you they're not going to help is just plain not acceptable, no moreso than showing up at the emergency room and being sent home because you don't have medical insurance.

    Read some history on fire protection in years past. Independently-run fire departments competed for customers in a city. You'd nail the company's badge on your door to indicate you'd paid for protection. Trucks would be spread out around town all day/night and would respond to fires on sight. If they got there, they'd check your door for their badge. No badge, and they'd watch it burn, or take a one-time payment. Some people would subscribe to more than one group in town to cut response time. Sometimes one company would try to hinder another company from helping, if they got there first, didn't find their badge, and then another company showed up ready to help. That's the silliness that got fire protection handed over to the cities. The behavior we are looking at here today is just as bad. You can't have profit being the top decision maker in emergency services. (btw, those door badges are very collectable nowadays)

  6. Re:"shallow" on West Virginia Is Geothermically Active · · Score: 1

    I should have clarified, I'm talking practical, and someone was bound to read that as possible.

    Yes I know we can dig a deep hole, but it's very expensive. And once we have the hole, how easy is it to either lower the exchanger down there and run it there, or sustainably bring the heat up in a usable form?

  7. "shallow" on West Virginia Is Geothermically Active · · Score: 1, Troll

    and as shallow as 5 kilometers

    Their definition of "shallow" varies greatly from mine.

    Is it even practical to do geothermal energy at that depth?

  8. Re:Price on 66% of All Windows Users Still Use Windows XP · · Score: 1

    I don't suppose it ever occurred to them to wipe that one station and load old OS onto it?

    When your hardware is 7-10 yrs old, it usually won't run the old os. as in, even if you try to force it and override its popup complaining about not meeting minimum requirements.

    Try to install Windows 3.1 on your new Dell. Or Mac OS 9 on your new iMac. Not happening. Critical firmware / bios support has long since been removed. The installer disc won't even boot, and the OS won't boot even if you transplant the HDD.

  9. Re:Price on 66% of All Windows Users Still Use Windows XP · · Score: 4, Insightful

    The thing is, it's a bad idea to just keep running an old system, even if it still works just fine for you. I see this all the time. People calling looking for help because they can't get on their bank's web site anymore. (java out of date, OS issue, NOT browser) Or they bought software that says it can't install. (not enough memory or OS too old) Or they have a special piece of hardware that broke, bought a replacement, and the newer software it came with won't run on their OS.

    I tell people, "You really need to get a new machine. Yes, I know, it still works just fine for you, but eventually you're going to be forced to upgrade, and the longer you wait, the bigger of a problem it's going to be". I'll tell you a few stories of businesses that didn't listen to me, and paid the price:

    Story 1:

    Local designer. Designs posters, not sure what for, maybe movies, he's apparently pretty good, customers all over the usa. Anyway, he has a fancy machine that looks like a giant printer. It cuts posterboard to exacting size, for use in his big printer. Cuts perfectly straight long lines on the really heavy stock, both side and end. Brought in the computer and cutter, the computer had an OS meltdown due to dying hdd. It was 10 years old. He was lucky I even had experience with an OS that old. But although I could fix the OS, the software that ran the cutter had draconian DRM on it that made it require reinstallation when moved to another hard drive. I was unable to crack the protection, and he was unable to find the original discs. So he had to buy new software. (several thousand dollars) Come to find out, the new software wouldn't run on the old computer, NOR would it run the old cutter. He went from cussing over having just put in a new set of $250 blades, to REALLY cussing for having to buy a new cutter. (10 grand) And a new computer of course, which ended up being the cheapest angle.

    Story 2:

    Audio recording man. Does high end audio mixing and CD mastering. Had problems with a reinstall of his pro audio software. Come to find out he'd been with them since the start version 1.0, 1995'ish. He tried to reinstall the software, and it was an update and failed to find the older software so it wouldn't install. (and it wasn't the type to ask you to insert the older disc or type in the older license code, it required the previous version to be installed)

    It took several days of scrounging around to find ancient machines and MEDIUM DENSITY FLOPPY DRIVES so we could start the installation chain from his version 1.0 floppies on Mac OS 7, and work forward, to vers 2, 2.5, 3.0, 3.5, 4.0, 5.0, 6.0, and finally to his version 7. This wasn't so much a case of living in the past, but his software sure was.

    Story 3:

    Local newspaper. 7 machines about 8 years old, including server. Running old versions of adobe, quark, and pagemaker products. Kept telling them this is a bad idea holding off on upgrades so long. Editor was a penny pincher and refused to listen. Put more memory in. Upgrade/replace that hard drive. Who cares if the server has no video, it still works.

    One of their desktops dies. Unrepairable, parts not available. So they bought a new machine. Whoops, it comes with a new os, won't run the old pro software. So they buy one set of licenses for it. Whoops, it can import from the old software but not export back to it and they have to be able to share. So they buy more licenses. Whoops, those won't install on the older systems, OS is too old. Looking further, whoops, their hardware is too old to install the required OS.

    So, all at once, they had to buy a new server, 8 new desktops, tens of thousands of dollars in software, and spend the next several months in the hell that is doing an import-open on everything they double click, requiring proofing and corrections/adjustments. I'm amazed the editor didn't have a heart attack.

    Story 4:

    This is one I see retold several times a y

  10. telomere tail? on Non-Embryonic Stem Cells Developed From Skin Cells · · Score: 2, Interesting

    I wonder though, if they don't find a way to lengthen the telomere tail on the cell's dna, its age won't be reset. You can't just take anyone's skin cells and make stem cells from them, if they're older generation cells the telomere tail will be short and the cell culture's lifespan will also be short.

  11. Re:The chances are pretty much zero on Earth-Like Planet That Could Sustain Life Found · · Score: 2, Interesting

    tidally locked isn't necessarily a bad thing. It guarantees that there's a "habitable ring" around the planet that is between the hot and cold side's temps, and it's unchanging. So in some respects, it's better than earth here where we have to get used to day/night shifts. Look at what say, the desert does from noon to midnight, huge temp swings. It also means it doesn't have seasons since its rotational axis is perpendicular to its orbital path. (consider the vast differences we get on the majority of the earth due to change in season) So not only do you have a wide variety of temperatures, but they're almost absolutely stable.

    And really, once life gets going and has time to start evolving and improving its ability to adapt, the limits of temperature in general matter less and less and life just spreads out to colonize before-unclaimed territory.

  12. Re:KeyesLab app? on Android Software Piracy Rampant · · Score: 2, Informative

    That's something I was contemplating... the app itself and the price it's set at (as well as other factors) could dramatically affect these numbers.

    For example, if adobe were to loosen their DRM system on say, elements, a very useful and respected app, and price it at $500 a license, the pirated vs legit licenses would be somewhere around 95%. OTOH if the app was priced at $10/license and kept its DRM, the rate would probably be somewhere around 5%. The piracy rate is a function of the DRM and of the value of the software and the reasonableness of the price for a specific market.

    The market also plays into it a bit. You may have a wickedly useful app in a highly specialized market, so you price it high and still get low piracy rates because the ones buying it need it, recognize its quality, and can easily afford it. But then say a smaller amateur market realizes how useful it can be to them, but no way in hell they want to pay what's being asked for it for a hobby, so the piracy rate in that market, for the same app, could easily be over 90%.

    Compare say, photoshop in CS, versus elements. They used plan B. When people with shallower pockets want to use your pricey software, the profitable way to do it is to offer a lower grade of software, at a lower price, so they can reasonably buy instead of pirate. It's when a small number of large sales gets less profit than a much larger number of smaller sales.

    You have to fine tune your price point to optimize your revenue. Too low and you're missing out on what people are willing to pay. Too high and piracy starts to drive the curve downward on the other side. Either find the sweet spot for your one product, piss everyone off with draconian DRM, or offer multiple tiers of your product at different price points. Of course having multiple versions of your software makes fine tuning your price points a major headache, but can work to squeeze the most out of the market.

    I guess all I'm saying is that piracy rate in itself doesn't really say much about where the problem is. Anyone that tells you that this leads to just one obvious conclusion, (like, oh we NEED DRM! or THIS PLATFORM'S USERS ARE ALL PIRATES!) is either an idiot, or is pushing an agenda. So someone bringing up a specific software example without providing any of the necessary details to sort out all the possible factors is either an idiot or is trying to deceive you.

  13. Re:Shouldn't Software Houses Be Held Accountable? on Gang Arrested For Stealing Millions Using ZeuS · · Score: 1

    security is only added for "too easy" breaches. And then raised as necessary.

    And windows of course doesn't NEED more security than say, it has NOW. (zeus botnet just isn't bigtime enough yet, costing consumers a paltry 2mil)

  14. what about hard drives? on China Embargos Rare Earth Exports To Japan · · Score: 1

    every (non ssd) hard drive has four rare earth magnets in the arm positioning system... I wonder what this will do for hard drive production?

  15. Re:So they can just keep stolen property then? on UK Man Prevented From Finding Chipped Pet Under Data Protection Act · · Score: 1

    They need to treat this like what it is -- the theft of their property

    Interpretation of law becomes muddy when someone "finds" something. Many states have "good faith" type laws that try to clarify when it's obviously not abandoned property, having to make a good faith effort to return it, posting "found" notices etc and waiting awhile etc. "Finders keepers" rarely wins at the end of the day, but it can involve a fight on behalf of the original owner. Items that can autonomously run away are granted significantly more leeway here. (your lawnmower won't just run away from home to be found by someone a few blocks away in a park, lonely and hungry)

    No one actually said anything about the pet being stolen, that just seems to be what everyone is suspecting, which in the case of a pet is not usually a safe assumption.

    It may also get into 3rd party issues. They may have gotten the animal from a shelter. Or from an ad in the paper. Possession of stolen property loses you the right to compensation if you had to pay for it, (speaking from experience here...) but unless you can prove theft, the issue of compensation may also come up.

  16. Re:So they can just keep stolen property then? on UK Man Prevented From Finding Chipped Pet Under Data Protection Act · · Score: 4, Insightful

    The chip company I fully support: they should not ever give out personal information without court orders. That's basic privacy protection.

    The point many seem to be overlooking is that the original owner was sold a product specifically designed to identify their property. I very much doubt any information was given to the owner that "and oh by the way, when you find you NEED to locate your pet, we're going to use this law as an excuse not to provide you with the service you are purchasing from us today".

    So while the chipper technically is behaving legally, the original terms of sale etc are not being honored, and at this point, going after them on these grounds may be the best recourse. But then, winning a judgement against the chipper for breach of contract or unfit for purpose won't get them their pet back, but just might win a large enough judgement to force some change.

    The two sorts of change that may occur are to either add a term in their contract saying they won't help under this circumstance, or adding a term saying if you bring your animal to us to chip and we find out it's already chipped, you agree beforehand that we can turn your information over. Of course the latter makes more sense for the consumer.

    But the whole matter of the judge claiming no jurisdiction may just mean they have to take their case to a judge that does feel they have jurisdiction. But you've probably got the original owner in one state, the new owner in another state, and the chipper in a third state, so this may just prove to be a complete runaround with no one willing to claim jurisdiction.
     

  17. Re:This begs the question... on Airbus Planning Transparent Planes · · Score: 1

    I don't even recall being able to see the floor last time I flew. Rows of people's legs to my sides, with a seat in front of me almost overhanging my lap. The whole body of the plane being clear wouldn't have improved my view much besides up, and I see plenty of sky while walking to my destination thankyouverymuch.

  18. guilty until proven innocent? on New Legislation Would Crack Down On Online Piracy · · Score: 1

    The new bill would give the government the authority to shut down the sites with a court order; the site owner would have to petition the court to have it lifted.

    Did I read that right, that they can get the site yanked, and then you have to get to work to prove your innocence before you can have your site back up?

  19. Re:It's all about entropy on Distinguishing Encrypted Data From Random Data? · · Score: 1

    I wonder what happens when you ask the system to zero a ssd then? the blocks that had already been zero'd would probably not be touched since they were already zeroed. (for performance reasons)

    Reason being, for someone with the proper very expensive toys, it's probably not impossible to determine the last state of a flash block before it was last flashed to zero.

  20. Re:It's all about entropy on Distinguishing Encrypted Data From Random Data? · · Score: 1

    How about using steganography on those fragments

    Yep that was the other option I was waiting for someone to bring up. There are two ways to hide something from discovery... out of sight (steganography) and in plain sight. (as discussed above)

    You either have to make your data look normal, or make all the rest of the data look just as abnormal as yours. (make your data look unexceptional, one way or another)

    Steganography has the advantage of not having to make everything look abnormal. But it has other drawbacks/tradeoffs, such as limited size and limited application. (usually involving hijacking of lowest order bits in things like images or padding slack space such as at the end of files - both of which run risks of being accidentally destroyed since they're using reserved space)

  21. Re:It's all about entropy on Distinguishing Encrypted Data From Random Data? · · Score: 1

    Looks like it uses "srm". manning on srm, I would speculate that secure trash empty does a "medium grade" secure:

    overwrite the file with 7 US DoD compliant passes (0xF6, 0x00, 0xFF, random, 0x00, 0xFF, random)

    Over the course of a lot of hard drive use, that would create a lot of random information in the free space, probably eventually covering most of your free space. It'd still be a good idea to start with a completely randomized partition though.

    Another poster just below says "Deallocated blocks will have content that's far from random, but still high entropy."

    Not really. Files nowadays are generally stored unfragmented, due to large hard drive capacities. File headers make for easy pickings to sort out what's compressed and what's not. Many apps that store files in encrypted format have headers that can be easily verified as being created by the encryption program. (encrypted disk images for example) If you can identify the file as being compressed, you can handle it differently.

  22. Re:It's all about entropy on Distinguishing Encrypted Data From Random Data? · · Score: 5, Insightful

    However, absolute random noise on a disk isn't all that usual,

    Actually, nowadays, it's extremely unusual. Blocks are all zero'd from the factory, and anything you save over them that's later marked free will almost certainly be far from random. (like pieces of pictures, documents, applications, etc)

    Really, statistically speaking, if you wanted to look on a hard drive for encrypted data, your best bet would be to go looking for blocks of high entropy data.

    The only defense against this would be if you did a random wipe of your hard drive when you bought it, and then reinstalled, and patched your OS to automatically random-wipe files before deleting or updating/moving them. But then you get into the area of "this person is obviously going to a lot of work to make it easy to hide something from us", which by itself raises an eyebrow.

    And on that note, I'm a little surprised now that I think about it, that I can't come up with a single example anywhere of a native or add-on OS feature for any OS, that does random-wipe-on-delete. OS X has "erase free space" built into disk utility, and you can find an app to do this for other OSs, but obviously zero'd blocks are not what we need to be creating. And the fact that you have to do this step manually, and it takes HOURS to run usually, is also surprising. I don't know offhand if OS X's "secure empty trash" zeros or randoms, but you're not likely to do that for EVERYTHING you throw away since it takes time, and since a lot of files get moved/deleted by the OS automatically without doing this. (end problem: anyone with a clue knows you can't hide anything in a bunch of zero'd blocks)

  23. Re:innocent until proven guilty on WikiLeaks Founder 'Free To Leave Sweden' · · Score: 1

    Guilty until proven innocent is traditional for males accused of sex crimes in America.

    where are my mod points when I need them? MPU

  24. Re:Yeah, That'll Last on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 2, Insightful

    If they're already doing the serial number, then a unique random code wouldn't be much of a bother.

    There'd have to be more to it than just that though. Usually in those cases (such as with the sat receivers) they have to put in special circuitry in the chip.

    let's say they didn't do that and just put another random number in there, let's not even say they hash the sn, we'll give them benefit of the doubt that they use a real random number and just keep a table at the plant for sn and random unlock code.

    Then when you "purchase your upgrade", they mail you a link to a downloadable program, and an unlock key. You download the program, punch in the key, and the program confirms the key matches your proc and its random number, and the program then tells the processor to bump.

    See the problem? The program is the gatekeeper, not the chip. Ten minutes with a disassembler and you figure out how the program is talking to the chip to unlock it, and it's cracked.

    First, a clarification. It's totally impractical to physically differentiate chips during production. They use lithography, and you can't just have a machine at the end of the line that goes in with tweezers making jumper changes. The chips instead have a grid of blowable fuses. At the end of the line, the machine with the SN list drops down the pins onto the chip and runs the initial tests on the chip, and then blows the fuses corresponding to the serial number of the chip. This is irreversible. This is how they all do it. And this is how they would set an unlock code too.

    Getting back to the problem. If all you are doing is setting another number on the chip, you aren't protecting the chip, you're only using it as a way to store another number. The only reason you need to know the number to unlock the chip is because the unlock program insists on your license key matching the code it reads off the chip. The program is a very weak protection, easily cracked or decompiled.

    The "correct" way to do it is different:

    The unlock code is still blown fuses like the serial number, but with a difference. It's WRITE ONLY. There's no instructions you can send to the processor to ask it what its unlock code is. Instead, there's a new procedure added to the chip that allows the license program to SEND the unlock code to the chip. The chip then, internally, compares the provided number with the burned one, and if they match, it unlocks. If not, it doesn't. And done properly, it won't allow another attempt for some time, possibly until it's been power cycled. This prevents brute-forcing it.

    (some of the more vicious methods used in the cable industry are to only allow a fixed number of attempts, and after so many fails, the chip bricks itself or becomes permanently locked etc, via burning another of its internal fuses)

    This takes protection out of the hands of the program, and puts it in the processor, safely out of reach of most people. But it does require some additional changes to the chip. In retrospect, considering all that's IN the chip to begin with, I suppose it's not that big of a deal to add, but I just wanted you to understand it's not just a matter of writing another number to the fuses.

    If they were stupid, the unlock code would be a hash of the proc sn. In that case, it's quite possible that the hash algorithm could be discovered, in which case anyone could write an unlocker or a keygen for the downloadable app.

    But if they were using a hash, then it wouldn't be necessary to burn the unlock code into the chip, since the proc could run the hash on its sn itself and compare with the provided hash. But as I said, that would be the stupid way to do it, and I doubt it would save them much money in the long run even if it never was broken.

  25. Re:Yeah, That'll Last on Intel Wants To Charge $50 To Unlock Your CPU's Full Capabilities · · Score: 1

    it would be completely impractical to try to hard code a different key onto each chip during manufacturing.

    if they wanted to do this they'd have to have a fuse array in it like the satellite dish receivers use to decrypt their signals, set at the factory after production.

    Possible... yes. Expensive... somewhat. Added complexity... absolutely. Likely.... not really.

    It'll just come down to knowing a supasecret opcode sequence to execute that causes the chip to shift into higher gear until it gets reset. (powered off) So they'll send you a little bit of software that installs a startup item that loads and boosts the proc at some point in the boot process. It'll be just as (in)effective as any other software antipiracy method. I'm sure they'll try all sorts of tricks like keys customized to your windows key but in the end it all comes down to someone prying open the program and giving it some brain damage so it behaves more generously. Tho if it really is a simple opcode sequence, the pirates will probably chuck the program after they've decompiled it, and write a one-liner that unlocks it for you anytime you want.